From 71f19ae6f8370f7f261f2c6979d0328a63deec27 Mon Sep 17 00:00:00 2001
From: Moran Peker <moran.peker@arm.com>
Date: Sun, 22 Apr 2018 20:23:16 +0300
Subject: [PATCH] add missing call to psa_cipher_abort in cipher_setup func +
 iv_length check in cipher_set_iv func

---
 library/psa_crypto.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0e2d6dafa..b29b763f6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1359,7 +1359,10 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
         }
         ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, mode );
         if (ret != 0)
+        {
+            psa_cipher_abort( operation );
             return( mbedtls_to_psa_error( ret ) );
+        }
     }
 #endif //MBEDTLS_CIPHER_MODE_WITH_PADDING
 
@@ -1424,6 +1427,13 @@ psa_status_t psa_encrypt_set_iv(psa_cipher_operation_t *operation,
     int ret = PSA_SUCCESS;
     if( operation->iv_set )
         return( PSA_ERROR_BAD_STATE );
+    if (iv_length != operation->iv_size)
+    {
+        if (((operation->alg) & PSA_ALG_ARC4) == PSA_ALG_ARC4)
+            return(PSA_ERROR_BAD_STATE);
+        else
+            return (PSA_ERROR_INVALID_ARGUMENT);
+    }
     ret =  mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
     if( ret != 0 )
     {
@@ -1466,7 +1476,6 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
                                size_t *output_length)
 {
     int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-    
     uint8_t temp_output_buffer[ MBEDTLS_MAX_BLOCK_LENGTH ];
 
     if( ! operation->key_set )